Sushila Madan

Security Standards Perspective to Fortify Web Database Applications from Code Injection Attacks

In recent years, web application security has become the primary discussion for security experts, as application attacks are constantly on rise and posing new risks for organizations. Several trends have emerged lately in the attacks launched against web application. The implementation of International security standard is to minimize the security failures and to mitigate their consequences. The aim of this research paper is to study and analyze the various International Standards like ISO-27002, OWASP, COBIT, PCI/DSS and depict the extent of coverage of countermeasures which focus on security of web applications from the perspective of preventing web applications attacks predominantly from Code Injections attacks.

Shielding against SQL Injection Attacks Using ADMIRE Model

In recent years, web applications have become tremendously popular. However, vulnerabilities are pervasive resulting in exposure of organizations and firms to a wide array of risks. In spite of many tools and techniques, attacks on web application especially through SQL Injection Attacks are at a rise. Threat modeling is an important risk assessment and mitigation practice that provides the capability to secure a web application. A comprehensively designed threat model can provide a better understanding of the risks and help determine the extent of mitigation action. This paper aims to initiate the threat risk model ADMIRE which is a comprehensive, structured and stepwise approach, which would help to identify and mitigate SQL Injections attacks and shield the database lying in the database servers, which may be unauthorizedly accessed for malafide reasons from the web applications.

Fuzzy Multi-criteria Approach for Component Based Software System Under Build-or-Buy Scheme

With the rising awareness of advancements in Information technology amongst various industries, the predilection to selection of commercial-off the shelf (COTS) components have increased invariably. It provides the ability to reuse the software components, thereby, maximizing the reliability while reducing the developmental cost. The decision of whether to buy the component or build from scratch, is known as build-or-buy decision. In order to prevent the software from failure, redundant components have to be incorporated which can be ascertained using fault tolerant schemes. Further, the innovation in the field of Application Package Software (APS) has supplemented the industry with highly configurable, sophisticated applications. Through this paper, we shall discuss a framework concentrating upon whether to build or buy the software components while designing a fault-tolerant modular software system. The objective of the paper is to maximize the reliability of the software while minimizing the overall cost. Further, the components with comparatively less execution time are chosen over the ones which require more time for executing the software. Hence the objective of the paper shall further be elaborated upon minimizing the execution time with the aid of a case study on supplementing an APS for Airline Industry.

Optimal Build-or-Buy Decision for Component Selection of Application Package Software

Application Package Software (APS) is a collection of software programs developed for the purpose of being licensed to third-party organizations. Examples of APS include accounting systems, human resources software, and enterprise resource planning (ERP) software. With the advancement in Information technology, Component Based Software Engineering (CBSE) has emerged for rapid assembly of flexible modular software systems. It promotes software re-use for large software systems by purchasing components in the form of commercial-off the shelf components from the vendor. If the required component is not available in the market, then it has to be developed in-house. This decision of whether to buy the component or build from the scratch is known as build-or-buy decision. Through this paper, we shall discuss a framework that will help the developer to decide whether to buy or to build software components while designing a fault-tolerant modular software system. This paper proposes optimization models for optimal component selection for a fault-tolerant modular software system under the Recovery Block Scheme (RBS).

A Paradigm Approach to Generate Trust Index Using 3C3G Framework for B2C E-Commerce Websites

The growth in the number of Internet users across the globe has triggered the advancement in the field of E-Commerce. E-Commerce sales have been skyrocketing across the world. For the successful implementation of a B2C E-business, it is necessary to understand the trust issues associated with the online environment which holds the customer back from shopping online. This paper proposes a framework for assessing the level of trust in any B2C E-Commerce website. The study aims to identify the trust factors pertaining to B2C E-Commerce websites from the perspective of the Indian customer and calculate the trust index of the website based on these factors. This was done by first distinguishing the trust factors, taking experts’ judgments on them and then studying the customers’ responses regarding B2C E-Commerce websites with respect to the trust parameters and examining their significance. Additionally, it worked on the development of a fuzzy system using Mamdani fuzzy inference system for the calculation of the trust index depicting customers’ confidence level in any B2C E-Commerce website.

OPTIMAL COMPONENT SELECTION APPROACH FOR FAULT-TOLERANT SOFTWARE SYSTEM UNDER CRB INCORPORATING BUILD-OR-BUY DECISION

Application Package Software (APS) has emerged as a ready-to-use solution for the software industry. The software system comprises of a number of components which can be either purchased from the vendor in the form of COTS (Commercial Off-the-Shelf) or can be built in-house. Such a decision is known as Build-or-Buy decision. Under the situations wherein the software has the responsibility of supervising life-critical systems, the inception of errors in software due to inadequate or incomplete testing, is not acceptable. Such life-critical systems enforces upon meeting the quality standards of the software as unforbiddenable. This can be achieved by incorporating a fault-tolerant design that enables a system to continue its intended operation rather than failing completely when some part of the system fails. Moreover, while designing a fault-tolerant system, it must be apprehended that 100% fault tolerance can never be achieved and the closer we try to get to 100%, the more costly the system will be. The proposed model shall incorporate consensus recovery block scheme of fault tolerant techniques. Through this paper, we shall focus on build-or-buy decision for an APS in order to facilitate optimal component selection thereby, maximizing the reliability and minimizing the overall cost and source lines of code of the entire system. Further, since the proposed problem has incompleteness and unreliability of input information such as execution time and cost, hence, the environment in the proposed model is taken as fuzzy.

Homomorphic framework to ensure data security in cloud environment

Cloud computing technology offers so many luxuries like low cost, ease of accessibility of resources, high performance due to which it becomes a forthcoming revolution among organizations. Organisations are still very reluctant to store their data on cloud because it shifts the organizations data on cloud which is not trustworthy. There are different types of issues like Security, Protection, Identity Management, Management of resources, Management of Power and Energy, Data Isolation, Availability of resources and Heterogeneity of resources which has been observed in cloud computing environment that need to be addressed. According to survey conducted by IDC security was found to be most challenging issue which act as an obstruction in implementation of cloud computing. Cryptographic techniques that can be used as secure storage can help cloud computing at some extent but the major disadvantage of secure storage is that we cannot perform processing on encrypted data. So, in order to provide the security to the cloud network, homomorphic encryption technique can be used. In homomorphic encryption computations can be performed on cipher text and generate an encrypted result which will be same as result of operations performed on the plaintext when decrypted. This means in homomorphic encryption we can process the data without decryption. In this paper security issue is addressed in such a way that client will encrypt password with homomorphic encryption and then server performs equality testing on encrypted data in the form of encrypted array which will be decrypted by owners of data only.

Assessing the Differential Effect of Web Usability Dimensions on Perceived Usefulness of a B2C E-Commerce Website

The current invigorated wave of E-commerce initiatives, post the initial boom and dot com bubble burst is definitely more prudent. Therefore, business community is looking to academe for understanding of how usability can be increased to reap the numerous benefits of E-commerce. This study has been undertaken in context of B2C E-commerce websites and its main purpose is to analyze the differential impact of web usability dimensions on perceived usefulness. This is done by studying customers’ responses regarding B2C E-commerce websites with respect to four usability dimensions. A questionnaire survey is used to collect data from select respondents (N=415) and analysis is performed using structural equation modelling (SEM). Findings suggest that although all four dimensions significantly impact perceived usefulness, system quality followed by trust are the two most important factors. The study has important implications for website designers, developers and researchers.

Spectrum sensing for 4G LTE OFDM signals in heterogeneous network using neural network

Spectrum sensing is an important requirement in cognitive radios deployed in advanced 4G wireless communication systems. The cognitive radio has to classify the signal of interest from many such signals in its vicinity. There has been wide spread acceptance of multicarrier signal like orthogonal frequency division multiplexed (OFDM) due to its better protection characteristics against channel degradations. Many recent and upcoming wireless standards thus employ OFDM signal, and a CR radio has to classify the OFDM signal operating in a heterogeneous operating environment. In this paper, we have used artificial neural network-based classification of OFDM signal of third-generation partnership project long term evolution (3GPP LTE) signals that is used on 4G wireless networks. We used reference signal-induced cyclostationarity and cyclic prefix property as feature for classification. The 3GPP LTE OFDM signal classification is done in a heterogeneous network environment, in which other OFDM signal from IEEE WiMAX network and other single-carrier digital modulation signal presence are considered. Comparison of classification performance for multilayer perceptron and radial basis function neural network is presented. Effect of two training algorithms, Levenberg - Marquardt (LM) and Back Propagation with momentum, on the convergence rate for training the neural network is presented.

Privacy sustainability scheme in cloud environment

Usually in cloud computing, all the administrations are being provided through internet. From past few years, we have observed that expanding favouritism of putting away and deploying data on the cloud. Saving privacy of individual information has been turned an essential and squeezing issue while offering privacy of individual information. In this paper a scheme that guarantees protection supportability along with sustainability in cloud environment is proposed. In this proposed work, information records are transferred by the client to the cloud by method for a secure key distribution which is consolidated by a key server and license server. We have also introduced an effective and efficient advanced digital rights management (DRM) scheme that permits client who owns the data to outsource the encrypted data file to a centralized content server. It also allows clients to access the data through a license issued by license server. Further, we have applied encryption principles to guarantee protection and security of transferred document or data. The proposed scheme prevents the attempts of malicious attacks made by an unauthorized user along with providing a secure key distribution.